This website uses features which update page content based on user actions. If you are using assistive technology to view web content, please ensure your settings allow for the page content to update after initial load (this is sometimes called "forms mode").
Additionally, if you are using assistive technology and would like to be notified of items via alert boxes, please follow this link to enable alert boxes for your profile.

This website uses features which update page content based on user actions. If you are using assistive technology to view web content, please ensure your settings allow for the page content to update after initial load (this is sometimes called "forms mode").
Alert box notification is currently enabled, please follow this link to disable alert boxes for your profile.

Our Director Director's Blog

The cybersecurity report issued today by the Republican members of the House Oversight and Government Reform Committee (HOGR) on the cyber intrusions at the U.S. Office of Personnel Management (OPM) does not fully reflect where this agency stands today.

While we disagree with many aspects of the report, we welcome the committee’s recognition of OPM’s swift response to the cybersecurity intrusions and its acknowledgement of our progress in strengthening our cybersecurity policies, and processes. We also appreciate the panel’s willingness to work with us on these important issues and find many of the final recommendations to be useful for OPM and the Federal Government at-large.

It is therefore important to take stock of our progress and outline the course we are charting for the future.

Over the past year OPM has worked diligently with its partners across government and made significant progress to strengthen our cybersecurity posture, and reestablish confidence in this agency’s ability to protect data while delivering on our core missions.

For example:

We require those who log into OPM’s systems to use strong multi-factor identification forms. This level of security provides a powerful barrier to our networks from individuals who should not have access.

We are in the process of rebuilding and enhancing the web-based application system that individuals use to provide OPM with the information we need to conduct background investigations.

We are one of the first agencies in the Federal Government to fully implement the Continuous Diagnostics and Mitigation program developed by the Department of Homeland Security (DHS), as well as DHS’s Einstein 3a. These initiatives allow agencies to detect and prevent cyber attacks before they can reach our systems, and continuously identify cybersecurity threats and vulnerabilities that might arise.

We have strengthened our legacy technology systems while developing a new, modern IT infrastructure, which will provide a secure environment for OPM well into the future.

We are working with our partners at the Department of Defense who are designing, building, and will operate the IT infrastructure for the new National Background Investigations Bureau, the OPM-based entity that will conduct background investigations for the Federal Government in the future.

These are just a few of the initiatives we have underway, but there is more to this story. At OPM we recognize that cybersecurity is not just about technology – it’s about people. In addition to strengthening our technology, we have added seasoned cybersecurity and IT experts to our already talented team.

OPM has brought on a senior cybersecurity advisor who reports to the Director of OPM. We have hired a new Chief Information Officer as well as a number of new senior IT leaders. And we have centralized our cybersecurity resources under a new Chief Information Security Officer, whose sole responsibility is to take the steps necessary to secure and control access to sensitive information. We also have a strong working relationship with our Office of Inspector General.

The cybersecurity incidents at OPM provided a catalyst for accelerated change within our organization. Throughout this agency, management has embraced cybersecurity as a top priority. I am proud of the way the team at OPM rose to the challenge and appreciate the collaborative spirit with which our partners across government worked - and continue to work – side by side with us each and every day.

We hope Congress will also continue to support our efforts and provide us with the resources we need to continue to strengthen our cybersecurity posture now, and into the future.

In an increasingly interconnected world, the threats we face in the realm of cybersecurity are persistent, sophisticated and constantly evolving. To confront these threats we must remain vigilant in our quest to protect systems and information. At OPM we are committed, we are dedicated, and most importantly we are working tirelessly to continuously enhance the security of our data and fulfill our important mission for the American people.

Unexpected Error

There was an unexpected error when performing your action.

Your error has been logged and the appropriate people notified. You may close this message and try your command again, perhaps after refreshing the page. If you continue to experience issues, please notify the site administrator.